Supermicro Hardware Was Hacked in Chinese Supply Chain Attack

The latest discovery by a U.S. telecommunications company revealed that China has not stopped its secret technological war. The company discovered that hardware from Super Micro Computer Inc. had been manipulated. The company immediately removed it from its network in August, but the discovery is being hailed as fresh evidence of Chinese tampering in critical technological components being sold to the U.S., according to the company's telecom security experts.

Yossi Appleboum, a security expert at the unnamed U.S. telecommunications company, revealed documents, analysis, and other evidence of the tampering in an investigative report by Bloomberg Businessweek. The report detailed how China's intelligence services directed subcontractors to plant malicious hardware chips in Supermicro server motherboards. The sabotage occurred over a two-year period that ended in 2015.

<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Zooming in on the Bloomberg animation showing the alleged malicious component in the Supermicro servers looks reasonable for the described attack. It is positioned on an unpopulated SOIC-8 SPI flash footprint between the SOIC-16 SPI flash chip and the BMC. <a href="https://t.co/EdFweJk0EE">pic.twitter.com/EdFweJk0EE</a></p>&mdash; Trammell Hudson ⚙ (@qrs) <a href="https://twitter.com/qrs/status/1047910169261330432?ref_src=twsrc%5Etfw">October 4, 2018</a></blockquote>

Accusations that China has long been hacking U.S. intelligence agencies and targeting the country's infrastructure, including tech labs at major universities, have been leveled against China for years. China was revealed to be behind multiple thefts of copyrighted digital property from companies including Apple. It is thought that China has stolen proprietary information worth billions of dollars from dozens of labs.

China is also believed to be one of at least 30 countries that hacked Hillary's private email server, or was given access to it, depending on how you look at it. It is not surprising to find yet another hacking attempt by China, although it officially denies the cyber thefts and other hacking accusations. Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps, making him a fairly high-ranking member of the intelligence community.

Appleboum is now the co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. From the U.S. he runs a firm that specializes in hardware security and was hired to scan several large data centers by the U.S. telecommunications company which feared they had been compromised.

The telecom company chose to remain unidentified due to Appleboum’s nondisclosure agreement with the client. Appleboum said his firm discovered unusual communications from a Supermicro server, and a physical inspection ensued. The more thorough physical inspection revealed an implant built into the server's Ethernet connector, not a good thing to find at all. The Ethernet connector, as most people know, is for attaching network cables to computers, much like your internet modem connects to your PC at home.

The component was behind the unusual communications from the Supermicro server and Appleboum said it was not the first instance of manipulation of vendors' computer hardware from China he has found. The executive made it clear "Supermicro is a victim – so is everyone else."

He went on to say his concern is that there could be countless points in the supply chain in China where products could be manipulated or introduced. "That's the problem with the Chinese supply chain," Appleboum said. Supermicro, which is based in San Jose, California, issued a statement on the matter saying:

<i>"The security of our customers and the integrity of our products are core to our business and our company values. We take care to secure the integrity of our products throughout the manufacturing process, and supply chain security is an important topic of discussion for our industry. We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found. We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations."</i>

Supermicro "strongly refutes" that the servers it sold its customers contained malicious microchips of Chinese origin. China's embassy in Washington declined to comment Monday, according to Bloomberg. China’s Ministry of Foreign Affairs didn’t directly address questions regarding the alleged manipulation of Supermicro servers although it did acknowledge the supply chain's security is "an issue of common concern" and said that "China is also a victim."

Fletcher Cook, a spokesman for AT&T, said, "These devices are not part of our network, and we are not affected." A Verizon Communications Inc. spokesman said something similar in response to the Supermicro scandal: "we’re not affected." Other major telecom companies like T-Mobile U.S. Inc. and Sprint Corp. declined to comment.

Part of the problem with the sabotaged components is that hardware manipulation is extremely difficult to detect. U.S. intelligence agencies have invested billions of dollars investigating foreign hacking attempts and sabotage. Appleboum says he is certain of his diagnosis and cited as evidence that the Ethernet connector has metal sides instead of the usual, and cheaper, plastic ones. He says the metal is required to diffuse heat from the hidden chip acting like a mini computer inside.

It was hinted at in general terms several years ago within the Gray Hat part of the ITSEC industry.

BTW: Remember this…. The next time you store your stuff or allow a device access to the "Cloud"… this is only the tip of the issue. There are a handful of popular devices with built-in back and side doors.